Netboot across subnets with newer Macs

colonelpanic
Contributor

I was glad to hear that I wasn’t the only person at JNUC who was having trouble netbooting over subnets with new Apple machines!

In order to netboot over subnets PREVOUS to Lion Internet Recovery being enabled on a mac, simply use the bless command (sudo bless --netboot --server bsdp://1.2.3.4)

For any computers that have Lion Internet Recovery Enabled (All 2012 macs and any 2011 mac with all EFI updates installed) the process is a little more conveluded.

Set up the netboot image like normal, but in the Server Admin app inside the Netboot pane, change the dropdown menu from NFS to HTTP. I am doing this off the top of my head so I’ll lead this post later when I can remember what the dropdown menu is called. Then, Take your NetBoot.dmg (found inside your .nbi folder) and place it on a web server somewhere that is visible to the client you would like the netboot from.

Below is an example of the command you need to use. My NetBoot server is 1.2.3.4, and my http server is 5.6.7.8. The http server can be the same as the netboot server, I just used different IP addresses in this example to show that you can place the actual NetBoot.dmg file somewhere on a web server (I placed mine in the root directory in this example)

Sudo bless --netboot --booter tftp://1.2.3.4/NetBoot/NetBootSP0/OS.nbi/i386/booter --kernelcache tftp://1.2.3.4/NetBoot/NetBootSP0/OS.nbi/i386/kernelcache --options 'rp=http://5.6.7.8/NetBoot.dmg'

I hope this helps everyone! I’ll update this a little later and try to make things a little clearer.

34 REPLIES 34

smithtwin
New Contributor

Jason,

Thank you for this post. That was me in the workshop who spoke up regarding the bless command, and the trouble we have had with trying to point to the NetBoot/SUS. It looks like I wasn't the only one either, and this document you posted is a HUGE help. Thank you for taking the time to post these steps. You saved me and my team a HUGE amount of time.

Have an awesome rest of JNUC!

Jason

Kumarasinghe
Valued Contributor

I use this for 10.7 images.
Script taken from Internet

#!/bin/bash

### Global Variables ###
server="xxx.xxx.xxx.xxx"
sharepoint="NetBootSP0"

### Fuctions ###

reimage () {

# Determine Arch value and point to proper netboot image

setName="Casper-NetBoot-10.7.2.nbi"
imageName="NetBoot.dmg"

protocol="nfs"
nextboot="--nextonly"

/usr/sbin/bless --netboot --booter "tftp://${server}/NetBoot/${sharepoint}/${setName}/i386/booter" --kernelcache "tftp://${server}/NetBoot/${sharepoint}/${setName}/i386/kernelcache" --options "rp=${protocol}:${server}:/private/tftpboot/NetBoot/${sharepoint}:${setName}/${imageName}" $nextboot

reboot
}

reimage

technicholas
Contributor

NetBoot is SLOW with the new MacBook Pro's we have been experiencing very slow netboots doing 20 machines in a lab we have to start 4 then wait for the netboot to get done and start 4 more. We had 600+ machines! It took a while but its done.

Not applicable

I was able to get this to work finally. Thank you. It helps a lot. I was going crazy trying to get Casper imaging up and running correctly. But now that I can netboot, I can't seem to get diskless working. Casper imaging crashes because it can't unmount the local hard drive. No matter what I do I can't get a Mac NetBooting with this method to use a network shadow file. Were you able to get this working?

Not applicable

I was able to get it working by creating a RAM drive with the rc.netboot file from this site.

http://www.macos.utah.edu/documentation/administration/setup_netboot_service_on_mac_os_x_10.6.x_client.x_client/setup_netboot_service_on_mac_os_x_10.6.x_client-diskless_netboot.html

Not sure why I was unable to use a network shadow drive, but the above did work for me.

taugust04
Valued Contributor

Great tip!!!!!

If you are trying to boot a 10.8 netboot image, the URL is a little different.

Sudo bless --netboot --booter tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootXYZ.nbi/i386/booter --kernelcache tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootXYZ.nbi/i386/x86_64/kernelcache --options 'rp=http://5.6.7.8/NetBoot.dmg'

Just saved me from having to bring a laptop loaded with Server/NetBoot on it to re-image a couple of different areas that don't have access to our standard NetBoot service available! AWESOME!

donmontalvo
Esteemed Contributor II

@taugust04 Thanks for the command, I confirmed it works on 2012 Late model Macs. Below is the command

sudo bless --netboot --booter tftp://XX.XX.XX.XX/NetBoot/NetBootSP0/MyNetBootImage.nbi/i386/booter --kernelcache tftp://XX.XX.XX.XX/NetBoot/NetBootSP0/MyNetBootImage.nbi/i386/x86_64/kernelcache --options 'rp=http://XX.XX.XX.XX/NetBoot.dmg'

Of course replace XX.XX.XX.XX with the IP Address for your NetBoot server, and replace MyNetBootImage.nbi with your NBI name.

Takes for friggin' ever to boot...LOL...but well worth it.

Thanks Ted!

Don

--
https://donmontalvo.com

SeanA
Contributor III

@taugust and others... if you are using the bless command to netboot across subnets, what kind of times are you looking at? (I know that there are other variables at play here; I am just looking for a rough ballpark of results).

acdesigntech
Contributor II

I've been unofficially clocking boot times on the SAME subnet which is also relatively quiet (reserved mostly for imaging/testing) at about 5 - 6 minutes (100 mbit) to netboot to a 10.8.2 nbi. PATHETICALLY SLOW.... even on a 1000 mbit switch it's still 3 minutes. Oddly, my 10.6.7 nbi on the same 10.8 server boots in about 1 minute on 1000mbit, 2 on 100mbit.

I did clock it at about 11 minutes for a full netboot on a typically loaded switch out on the production floor. I've also noticed a graphical anomaly with 10.8 when I screen share into a mac, and reboot it to a 10.8 nbi. about 75% of the time it will reboot, and then I'll just get a gray window with an apple logo on it (you know, after about 12 minutes). I have to get the IP address of the Mac and then reconnect to it. Happens when the Mac's on the same subnet too, just faster :)

Annoying mostly, but is anyone else noticing this?

acdesigntech
Contributor II
--options 'rp=http://XX.XX.XX.XX/NetBoot.dmg'

@donmontalvo so I should be setting up a webserver, and in the web servers directory I simply place the image file? Have you (or anyone else) had experience serving this from a mountain lion server?

donmontalvo
Esteemed Contributor II

@acdesigntech Man, crow never tasted this good. :) So I jumped the gun when I posted. When I used this command last night, I got the big flashing globe followed by the little rotating globe followed by the circular progress icon...

external image link

...so when I saw the circular progress icon I went home. I came in this morning and the circular progress icon was still going. :(

When I hit the URL, the NetBoot.dmg file downloads fine. The only think I could think of is that it's owned by admin and was 644. So I changed it to owner is root and 755, and I stopped/started web services and NetBoot services. I left it in the same state tonight as I did yesterday, at the circular progress icon.

I guess I'll have my fingers crossed when I get in tomorrow. :)

[edit] Server is running 10.8.2 with latest updates

Don

--
https://donmontalvo.com

acdesigntech
Contributor II

@donmontalvo: Any update on this?

Besides the advantage of being able to host the netboot.dmg on a different server using http rather than nfs, any other advantages? Speed?

I was thinking rather than hosting another service on the server sI control, or (shudder) allowing servers i DON'T control to host the .dmg, just continuing to use nfs as the protocol for netboot. Thoughts?

donmontalvo
Esteemed Contributor II

I got tired of futzing with NBAS so I took a couple of spare USB drives and dropped our RESTORE image on 'em...instant portable Casper Imaging drives. :)

--
https://donmontalvo.com

dolivieri
New Contributor

Bump!

Still a bit new to this. 10.8.3 NetBoot image on a late 2012 Mac Mini. Tried using the following scripts with no luck.

Sudo bless --netboot --booter tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/booter --kernelcache tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/x86_64/kernelcache --options 'rp=http://5.6.7.8/NetBoot.dmg'

bless --netboot --booter tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/booter --kernelcache tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/x86_64/kernelcache --options 'rp=http://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/NetBoot.dmg' --nextonly

/NetBootML01.nbi/ is where my NetBoot image lives.

Tested each one scoped to a policy that triggered at startup, once per computer. The policy executed but the computer never actually NetBooted with either version of the script. In the policy I chose to Override the Default Policy Setting for NetBoot Server and chose our internal server. Attached the script, and set it to run with the Before priority.

Also worth noting I guess that I've tried with both HTTP and NFS without success.

Is there a more efficient way to go about doing this? I've tried different sources outside of JAMFNation and had similar results. At this point one server per subnet isn't starting to sound like too ridiculous of an option if I just keep spinning my wheels trying to NetBoot across subnets :/

Appreciate any advice, thanks!

bentoms
Honored Contributor III
Honored Contributor III

If you attempt to NetBoot (holding N).. Then go into verbose mode (cmd + V)..

You should hopefully see some messages, please post them here.

Kprice
New Contributor III

@ dolivieri
In our environment I had to enable PortFast and set IP Helper address on our Switches.

ClassicII
Contributor III

@ dolivieri

Agreed netbooting across subnets with firmware updated macs is a huge pain and if you look around no one has been able to get this to work with out an ip helper.

The question is how is your netboot failing ? Does the machine just reboot or not even try?

Another problem is that the process has so many fail points. Does the machine get the booter file, is it able to download the kernelcache file over tftp before the machine automatically reboots.. the list goes on.

Also are you using 10.8 server?

The 2nd one you posted looks like it would work.

bless --netboot --booter tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/booter --kernelcache tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/x86_64/kernelcache --options 'rp=http://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/NetBoot.dmg' --nextonly

For NFS you need to change it a bit.

bless --netboot --booter tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/booter --kernelcache tftp://1.2.3.4/NetBoot/NetBootSP0/NetBootML01.nbi/i386/x86_64/kernelcache --options 'rp=nfs:1.2.3.4:/private/tftpboot/NetBoot/NetBootSP0:NetBootML01.nbi/NetBoot.dmg' --nextonly

acdesigntech
Contributor II

so I have a situation with MacBookPro8,2 and 9,1 model types specifically: how do I get them to use the long (or short, i don''t care which) form bless command to netboot across subnets? This is my situation:

I have a netINSTALL that was created from (at the time) the latest and greatest 10.8 InstallESD.dmg. There is no mach.macosx file to speak of, so i cannot specify --kernel=......../mach.macosx, and since they run 10.6, they don't understand the --kernelcache switch.

For some reason they do not understand the shortform of the bless command (bless --netboot --server bsdp://....). They just end up rebooting to the internal hard disk. If i put them on the same subnet as the netboot server, the short form works just fine.

I did try copying a mach.macosx and associated mkext to my 10.8 netinstall so I could use the long form command, and the computer takes the command and reboots, but just sits at the gray apple screen and never boots any further than that.

I'm at a loss as to how to go about this. I have not run across any other model types that have this issue.

Josh_S
Contributor III

I'll cover all four ways to do this (and I really hope I didn't make a typo). I've played with NetBoot/NetInstall across subnets using the long form quite a bit. For NetBoot, not NetInstall, you need to specify the kernel/kernelcache option. You can omit both when doing an NetInstall. I always use the "--verbose" and "--nextonly" flags. They are not necessary.

Variables:

ipAddress='xxx.xxx.xxx.xxx'
nbiName='NetBoot.nbi'
dmgName='NetBoot.dmg'

NetBoot for a server running OS X Server:

bless --verbose --netboot --booter "tftp://${ipAddress}/NetBoot/NetBootSP0/${nbiName}/i386/booter" --kernelcache "tftp://${ipAddress}/NetBoot/NetBootSP0/${nbiName}/i386/x86_64/kernelcache" --options "rp=nfs:${ipAddress}:/private/tftpboot/NetBoot/NetBootSP0:${nbiName}/${dmgName}" --nextonly

NetInstall for a server running OS X Server:

bless --verbose --netboot --booter "tftp://${ipAddress}/NetBoot/NetBootSP0/${nbiName}/i386/booter" --options "rp=nfs:${ipAddress}:/private/tftpboot/NetBoot/NetBootSP0:${nbiName}/${dmgName}" --nextonly

NetBoot for a server running JAMFs NetSUS/NetBoot appliance:

bless --verbose --netboot --booter "tftp://${ipAddress}/${nbiName}/i386/booter" --kernelcache "tftp://${ipAddress}/${nbiName}/i386/x86_64/kernelcache" --options "rp=nfs:${ipAddress}:/srv/NetBoot/NetBootSP0:${nbiName}/${dmgName}" --nextonly

NetInstall for a server running JAMFs NetSUS/NetBoot appliance:

bless --verbose --netboot --booter "tftp://${ipAddress}/${nbiName}/i386/booter" --options "rp=nfs:${ipAddress}:/srv/NetBoot/NetBootSP0:${nbiName}/${dmgName}" --nextonly

Good Luck!

acdesigntech
Contributor II

@josh_s: thanks for the info. unfortunately I'm getting the same results. I'm VPN'ed into the office right now so Can't get too many log entries from a verbose boot.

I may just end up recommending that we pick up the units and image them on the same subnet as the NB server... We've already wasted many precious hours trying to use NBAS.

ClassicII
Contributor III

@acdesigntech

First reset the pram on that machine then try this.

bless --netboot --booter tftp://ipaddreessofserver/NetBoot/NetBootSP0/Netbootname.nbi/i386/booter --options 'rp=nfs:ipaddressofserver:/private/tftpboot/NetBoot/NetBootSP0:Netbootname.nbi/dmgname.dmg' --nextonly

Troubleshooting wise you can find out what the problem is by using verbose mode. After you fire off that command hold down command+V that will let you see what is happening behind the grey screen. This will tell you the problem.

You can make sure that the netboot share is available by running this on the macbook.

run this command

showmount -e ipaddressofserver

then you can check to make sure the booter file can download

run this command

tftp ipaddressofserver

then you will see a prompt

>

then run this

get NetBoot/NetBootSP0/netbootname.nbi/i386/booter

this will let you know if the macbook can receive the booter file or not

Josh_S
Contributor III

If you're still having issues, I suspect it's an issue with your image. Can you NetBoot to it while on the same subnet? Also, the "booter" and Mach/kernelcache files are *not* interchangeable between images. Don't copy these files between nbi folders.

The only thing I've really been able to do to the modification that didn't break my nbi is to modify specific files on the NetBoot image and change the format of the NetBoot image itself (I usually use sparseimage to speed transfer to different sites). I wouldn't do either of these until you can successfully boot across subnets without any modifications so you know if you "broke" your image with modifications.

Troubleshooting, at this point, really comes down to using tftp and nfs to connect to the server and make sure the files are available when you are not attempting to NetBoot. Verify your permissions on those files. They should be readable by everyone.

acdesigntech
Contributor II

I wish it was the nbi. When the laptops on the same subnet it netboots fine. Imacs from 9,1 to 11,3 and MBPs 5,3 and 6,2 have no issues with NBAS To any of my nbis. I'll test the commands above to see what's going on.

wangl2
Contributor

Hi, has anyone done this with Mavericks machines?
Cheers.

acdesigntech
Contributor II

@ ClassicII - it ended up being the PRAM. Resetting it worked.

ncottle
New Contributor III

Hopefully I am not to late to the party to get a little direction. I have tried just about every combination of commands to get our machines to (automatically or user initiated) NetInstall across subnets. The image is fine as we can go in and manually select it from the Startup Disk menu and restart the machine. It installs without fail every time on any of our subnets. The issue is doing this via a terminal command. We have a wide variety of machines from ~5 years ago through to brand new machines. We are hoping to get our older 10.4.x-10.6.x machines (that are capable of course) to 10.7.5 using the NetInstall image. I am hoping to have it set as a Self Service option. I get errors all over the place and rarely will get a machine to successfully boot via the command. The most recent and probably consistent is that it won't let me set the EFI. Most of the time I get the spinning cog or a kernel panic. We use an IP Helper too. I am at a complete loss. When we set the default NetBoot image to the NetInstall image it works fine by simply telling it to boot to the server with the bless command (bless --netboot --server tftp://xx.xx.xx.xx --nextonly.) It works fine as a Self Service policy that way too. I would like to avoid that route and only use it as a last chance option. Any help would be very much appreciated and this post has already helped out a bunch so thanks to everyone so far. Below are some of the commands I have tried. I won't include them all for fear of putting everyone to sleep. Sudo is implied in each one. I have reset the PRAM on the machines too. Also as a side note if I use ARD to specify the NetInstall image it works wonderfully across subnets.

bless --netboot --booter tftp://xx.xx.xx.xx/NetBoot/NetBootSP0/NetInstallImage.nbi/i386/booter --options rp=nfs://xx.xx.xx.xx:/Volumes/Deploy/Library/NetBoot/NetBootSP0/NetInstallImage.nbi/NetInstall.dmg

bless --netboot --booter tftp://xx.xx.xx.xx/NetBoot/NetBootSP0/NetInstallImage.nbi/i386/booter --options 'rp=nfs:xx.xx.xx.xx:/private/tftpboot/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --netboot --booter bdsp://xx.xx.xx.xx/NetBoot/NetBootSP0/NetInstallImage.nbi/i386/booter --options 'rp=nfs:xx.xx.xx.xx:/private/tftpboot/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --verbose --netboot --server bsdp://en0@xx.xx.xx.xx --booter tftp://157.246.4.38/NetBoot/NetBootSP0/NetInstallImage.nbi/i386/booter --options 'rp=nfs:xx.xx.xx.xx:/private/tftpboot/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --netboot --booter tftp://xx.xx.xx.xx/Volumes/Library/NetBoot/NetBootSP0/NetInstallImage.nbi/i386/booter --options 'rp=nfs:xx.xx.xx.xx:/Volumes/Deploy/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --netboot --server bsdp://en0@xx.xx.xx.xx/Volumes/Deploy/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --verbose --netboot --server bsdp://en0@xx.xx.xx.xx --options 'rp=nfs:xx.xx.xx.xx:/private/tftpboot/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --verbose --server bsdp://en0@xx.xx.xx.xx --options 'rp=nfs:xx.xx.xx.xx:/private/tftpboot/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --verbose --netboot --options 'rp=nfs:xx.xx.xx.xx:/private/tftpboot/NetBoot/NetBootSP0:NetInstallImage.nbi/NetInstall.dmg' --nextonly

bless --netboot --booter tftp://xx.xx.xx.xx/NetBoot/NetBootSP0/NetInstallImage.nbi/i386/booter --kernelcache tftp://xx.xx.xx.xx/NetBoot/NetBootSP0/NetInstallImagenbi/i386/x86_64/kernelcache --options 'rp=http://xx.xx.xx.xx/NetInstallImage.dmg'

frozenarse
Contributor II

The post above by @Josh_S containing the bless commands is great. My question is that with Netsus versions 2 and 3 the release notes say something about NFS being replaced by HTTP.... Does that change the commands?

Josh_S
Contributor III

I've noticed that there is now no longer any difference, since 10.9, between NetBoot and NetInstall (NetInstall now also requires the kernelcache be specified). NFS will still work with the new version of the NetSUS, so the above commands should still work.

If you'd like to use http, the command changes to:

bless --verbose --netboot --booter "tftp://${ipAddress}/${nbiName}/i386/booter" --kernelcache "tftp://${ipAddress}/${nbiName}/i386/x86_64/kernelcache" --options "rp=http://${ipAddress}/NetBoot/NetBootSP0/${nbiName}/${dmgName}" --nextonly

michaelhusar
Contributor II

Talking of the "different" .NBI s
Anybody got an "original" deploystudio.nbi running on NetSUS ?
So far I found out that *enable netboot" will only turn green after the deploystudio.plist inside the .NBI is delete.
But that's obviously not enough to make it fly...
O.k - you have to convert the .sparebundle into compressed...
Workflows look good now - any ideas why the "Utilities" menu is not working - would love to have "Terminal", StartupDisk, etc. back

scharman
New Contributor

So I am having trouble in my environment to Netboot Macs across subnets, period.

I have a NetSUS appliance running on Ubuntu 14.04 and currently getting these errors on my Netboot server
Sep 25 15:57:49 isp-osb-netsus1 dhcpd: DHCPDISCOVER from 00:50:56:a8:xx:xx(the other DHCP server) via eth0: network 10.xx.0.0/16: no free leases
The host which is 10.xx.65.4 gives this error Sep 25 15:59:25 isp-osb-netsus1 dhcpd: DHCPREQUEST for 10.xx.65.4 from 40:6c:8f:10:74:xx via 10.xx.65.254: unknown lease 10.xx.65.4

I have a DHCP server handing out requests, could this be why I can cant use the above bless commands to boot to it?

mikethompsett
New Contributor III

Hi all,

Great info all round the only problem I'm now getting is the below:

Could not set boot device property: 0xe00002bc
Can't set EF

Not sure what I've don't wrong, but maybe someone else has had the same problem?

Cheers,
Mike

seabash
Contributor

@mikethompsett We don't use NetBoot/Install (TDM instead), but looks like this OpenRadar outlines the EFI error...
El Cap SIP blocks bless

Apple also has an El Cap-specific kb here, which explains the csrutil command (mentioned in the OpenRadar post)...
NetBoot/Install/Restore Requirements in El Capitan

Peyerovich
New Contributor

Hi All,

Has anyone successfully been able to netboot to a BSDpy server from across subnets? We've been doing so with success using a OS X server with the NetInstall service running using the syntax below:

/usr/sbin/bless --netboot --verbose --nextonly 
--booter 'tftp://x.x.x.x/NetBoot/NetBootSP0/MyNBIFile.nbi/i386/booter' 
--kernelcache 'tftp://x.x.x.x/NetBoot/NetBootSP0/MyNBIFile.nbi/i386/x86_64/kernelcache' 
--options 'rp=nfs:x.x.x.x:/private/tftpboot/Netboot/NetbootSP0:MyNBIFile.nbi/NetInstall.dmg'

However, I have yet to be able to get this to work with BSDpy running the netboot service. The syntax which I believe should be working is:

/usr/sbin/bless --netboot --verbose --nextonly 
--booter 'tftp://x.x.x.x/nbi/someNBIFile.nbi/i386/booter' 
--kernelcache 'tftp://x.x.x.x/nbi/someNBIFile.nbi/i386/x86_64/kernelcache' 
--options 'rp=http://x.x.x.x/someNBIFile.nbi/NetInstall.dmg'

The TFTP respones come back positive when trying to get the booter & kernelcache file from terminal, plus the http address prompts to download the NetInstall.dmg file when pasted into a browser.

My guess is that something is not picking up and registering correctly when the commands get written to NVRAM.

FWIW, the BSDpy works when booting on the same subnet holding down 'N' or 'Option' boot.

Thanks,

Antonin

apizz
Valued Contributor

We recently just moved our NetBoot server to BSDPY and have been having trouble blessing our computers to automatically boot to the NetBoot. I've tried @Peyerovich 's commands above but can't get it to work.

I followed Rich's post on how to whitelist NetBoot servers via macOS Recovery & csrutil - https://derflounder.wordpress.com/2015/09/05/netbooting-and-system-integrity-protection/

Any ideas?